[OK] Advertising pop-ups open unexpectedly

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities, etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended its disinfection assistance after almost 15 years, first on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware (anti-malware disinfection)

Disinfection procedure 2 - Anti-malware and antivirus (La Manip, the standard disinfection procedure)

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy

Re: Advertising pop-ups open unexpectedly

Post by dan49 » 07 Jun 2011, 09:22

Hello NickW,

Clearly we are engaged in a big spring clean. First of all, I can tell you that I have not seen a single unwanted page appear since this morning, which is already a good sign.
As requested, I am attaching the SystemLook report:

SystemLook 04.09.10 by jpshortstuff
Log created at 09:36 on 07/06/2011 by Daniel
Administrator - Elevation successful

========== dir ==========

C:\Users\Daniel\AppData\Local\{6349B85D-302B-40D1-BEC8-E65872996241} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{581E38CD-2485-4EDE-ADC7-FA519EA4A469} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{74C8AD08-6F92-4920-A816-1F1FC2039D16} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{58FC68BA-D3EF-48E9-BB41-D4EF7BB4F225} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{A283AD34-BA4B-4DEE-A15B-A3E5E96EE38B} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{7336B61A-5B2F-4D33-B327-9F84C499A794} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{15F1D13F-2453-4CD1-BFCD-D18EA7FAE696} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{1A4796EA-EBF3-4685-8986-42B6610B9637} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{1F5A0C1D-1B0A-4E87-910F-DF61CF73FA01} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{FC7B4718-1C91-4E69-B1C3-1ED30F54CCB9} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{77320DD5-C1D8-4A24-9081-379A5488BDCF} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{C94656F4-2BE5-4BEB-BCDB-71D20BFA0AAA} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{09758500-1551-4D25-A2A3-8A709612B48B} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{F72EBE46-8CD7-4827-9F38-B898E9DCB270} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{36569CB9-E184-4351-86C4-5DABAFBE18ED} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{8F5475A4-4F9B-4DBA-AE66-1DAA36889048} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Daniel\AppData\Local\{474AEB6F-61B7-4FD5-A433-39E25DEFC626} - Parameters: "/s"

---Files---
None found.

No folders found.

-= EOF =-

Here is the OTL fix log:

All processes killed
========== OTL ==========
Prefs.js: "Search-Results" removed from browser.search.defaultengine
Prefs.js: "Search-Results" removed from browser.search.defaultenginename
Prefs.js: "Softonic France FF Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search-Results" removed from browser.search.order.1
Prefs.js: "Search-Results" removed from browser.search.selectedEngine
Prefs.js: "http://getii.com/dvds" removed from browser.startup.homepage
Prefs.js: reducbarre@reducbarre.com:1.1 removed from extensions.enabledItems
Prefs.js: quickstores@quickstores.de:1.1.0 removed from extensions.enabledItems
Prefs.js: support@predictad.com:1.11 removed from extensions.enabledItems
Prefs.js: {6d6b212b-2245-4898-8b16-9a11b81ff9e1}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\searchplugin folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\META-INF folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\lib folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\defaults folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\components folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1} folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\support@predictad.com\defaults\preferences folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\support@predictad.com\defaults folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\support@predictad.com\chrome\content folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\support@predictad.com\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\support@predictad.com folder moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\search-results.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
========== FILES ==========
File\Folder C:\Users\Daniel\AppData\Roaming\Agence-Exclusive not found.
File\Folder C:\Users\Daniel\AppData\Roaming\FissaSearch not found.
File\Folder C:\Users\Daniel\AppData\Local\Agence-Exclusive not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Daniel
->Temp folder emptied: 7308156 bytes
->Temporary Internet Files folder emptied: 296300083 bytes
->Java cache emptied: 2492485 bytes
->FireFox cache emptied: 48655576 bytes
->Google Chrome cache emptied: 26327031 bytes
->Flash cache emptied: 1677 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Invité
->Temp folder emptied: 434713 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25027 bytes
RecycleBin emptied: 224582 bytes

Total Files Cleaned = 364,00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06072011_093948

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\JET9337.tmp moved successfully.
File\Folder C:\Windows\temp\JETF925.tmp not found!

Registry entries deleted on Reboot...
dan49

Posts: 31
Joined: 26 Apr 2010, 13:33

Re: Advertising pop-ups open unexpectedly

Post by dan49 » 07 Jun 2011, 09:24

I am now attaching the main OTL log after the fix:

OTL logfile created on: 07/06/2011 10:12:02 - Run 5
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Daniel\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,58% Memory free
4,00 Gb Paging File | 2,80 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 107,39 Gb Free Space | 46,11% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 704,22 Gb Free Space | 37,80% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 927,56 Gb Free Space | 99,58% Space Free | Partition Type: NTFS

Computer Name: PC-DE-DANIEL | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 17:19:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/26 06:17:14 | 000,562,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/03/23 17:26:22 | 000,392,192 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/25 18:36:38 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/01/13 10:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/08/03 19:30:45 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/09/12 17:38:50 | 000,358,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:38:46 | 000,661,160 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/09/12 17:38:16 | 005,081,912 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009/06/20 08:07:04 | 000,955,712 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Volume Panel\VolPanlu.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 17:19:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
MOD - [2011/01/13 10:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (MBC)
SRV - File not found [On_Demand | Stopped] -- -- (GCADNGNQ)
SRV - File not found [On_Demand | Stopped] -- -- (AZGCGQZ)
SRV - File not found [On_Demand | Stopped] -- -- (ALMYCN)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/18 12:14:27 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/03/26 06:17:14 | 000,562,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2011/01/13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/03 19:30:45 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/06/02 23:18:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/20 17:06:52 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/09/23 14:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/09/12 17:38:46 | 000,661,160 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/31 20:34:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/18 14:48:05 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2011/01/13 10:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 10:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 10:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 10:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 10:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/06 12:59:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/15 17:55:01 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/11/26 09:23:42 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/09/01 17:25:44 | 001,603,712 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2010/08/26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/08/03 19:30:47 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/08/03 19:30:41 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2010/08/03 19:30:39 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/01 10:45:34 | 000,028,000 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/09/23 14:53:20 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/09/02 11:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/26 22:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/10/24 08:12:36 | 000,308,640 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MicNgTun.sys -- (MicNgTun)
DRV - [2008/10/24 08:12:36 | 000,081,184 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MicNgBas.sys -- (MicNgBas)
DRV - [2008/10/24 08:12:36 | 000,079,904 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MicNgCap.sys -- (MicNgCap)
DRV - [2007/12/14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIZWG0&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/05 09:06:45 | 000,000,000 | ---D | M]

[2010/08/09 16:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2011/06/07 09:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions
[2010/08/09 16:30:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/08 10:34:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/05 08:53:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/04/05 08:53:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/05 09:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\staged
[2009/12/07 09:50:51 | 000,002,171 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\bing.xml
[2011/01/06 13:03:47 | 000,002,055 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\daemon-search.xml
[2011/04/11 11:55:50 | 000,001,775 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\live-search.xml
[2011/06/07 09:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 17:49:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 11:38:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 09:36:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/04 08:40:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/02/23 11:09:14 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchaudio.xml

O1 HOSTS File: ([2009/06/04 08:47:37 | 000,307,170 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10575 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {1660B308-BECB-4062-890D-396B2FBBC8CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Service Scheduler2 Acronis] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3644966581-75328946-59165048-1000..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/58.10/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.5.cab (DLM Control)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/activex/MaConfig_3_5_3_0.cab (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://static.impots.gouv.fr/tdir/stat ... .0.0.1.cab (AdSignerLCContrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} http://cabs.rte.fr/RteAllCabsMFC.cab (RteDocumatDoc Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 23:19:20 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 23:19:20 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 23:19:20 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 20:53:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{5452DAD3-92A9-4C07-B452-2BD54AD0CEAD}
[2011/06/06 14:21:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Cyberlink
[2011/06/06 14:21:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\CyberLink PhotoDirector 2011
[2011/06/06 14:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2011/06/06 14:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2011/06/06 09:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/06/06 08:36:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{08A1D462-341F-4B35-BDE2-C1C968BFBC7E}
[2011/06/05 17:28:25 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/05 17:19:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2011/06/05 09:41:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{6349B85D-302B-40D1-BEC8-E65872996241}
[2011/06/04 15:05:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{581E38CD-2485-4EDE-ADC7-FA519EA4A469}
[2011/06/03 11:38:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{74C8AD08-6F92-4920-A816-1F1FC2039D16}
[2011/06/02 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{58FC68BA-D3EF-48E9-BB41-D4EF7BB4F225}
[2011/06/01 14:30:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A283AD34-BA4B-4DEE-A15B-A3E5E96EE38B}
[2011/05/31 23:19:20 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/05/31 23:09:46 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011/05/31 22:37:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7336B61A-5B2F-4D33-B327-9F84C499A794}
[2011/05/31 08:13:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{15F1D13F-2453-4CD1-BFCD-D18EA7FAE696}
[2011/05/30 12:05:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1A4796EA-EBF3-4685-8986-42B6610B9637}
[2011/05/29 23:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Google Chrome
[2011/05/29 23:14:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1F5A0C1D-1B0A-4E87-910F-DF61CF73FA01}
[2011/05/29 08:27:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FC7B4718-1C91-4E69-B1C3-1ED30F54CCB9}
[2011/05/28 13:39:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{77320DD5-C1D8-4A24-9081-379A5488BDCF}
[2011/05/27 22:59:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C94656F4-2BE5-4BEB-BCDB-71D20BFA0AAA}
[2011/05/27 10:49:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{09758500-1551-4D25-A2A3-8A709612B48B}
[2011/05/26 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F72EBE46-8CD7-4827-9F38-B898E9DCB270}
[2011/05/26 18:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Google Earth
[2011/05/26 07:56:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{36569CB9-E184-4351-86C4-5DABAFBE18ED}
[2011/05/25 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8F5475A4-4F9B-4DBA-AE66-1DAA36889048}
[2011/05/25 08:12:45 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/24 09:11:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{474AEB6F-61B7-4FD5-A433-39E25DEFC626}
[2011/05/23 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2011/05/23 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.thumbnails
[2011/05/23 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\gegl-0.0
[2011/05/23 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.gimp-2.6
[2011/05/23 14:17:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8F0DCDFA-456E-4D2F-B5B1-EA605BBC0AD5}
[2011/05/22 23:35:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{0F5D71C8-D1C4-4C16-A88D-9A64DAA182BF}
[2011/05/22 08:42:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{88210974-C3FF-4B55-9E6C-54407B976735}
[2011/05/21 13:56:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D101FDA5-542B-4057-9A35-2E476F94B7B4}
[2011/05/20 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{60A70ADA-EA3F-4639-A78D-457D6F800E46}
[2011/05/19 23:50:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{467C9702-F3C9-4179-A697-9E1085745CE0}
[2011/05/19 13:42:07 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/19 10:03:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/18 23:25:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D2D08A21-2770-4F1B-A9D4-05F69C795733}
[2011/05/18 09:28:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{51B2F41F-1465-46DC-943B-8839417FD191}
[2011/05/17 12:25:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BA4BF613-ABC1-4A23-8957-D1720BE32CC9}
[2011/05/16 22:28:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FFA4A09D-CE4A-4C5A-80C3-E84F8F59E027}
[2011/05/13 23:13:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D332A073-C9C6-45B1-BA95-5E55D00D9637}
[2011/05/13 09:40:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BBAAC572-7252-424F-991B-2ECAF8F763BD}
[2011/05/12 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1CE9CEEA-1E56-44AE-9C98-5EC02AD11154}
[2011/05/11 23:37:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7FA7A2FE-DF47-4815-9F9D-A18171F9A262}
[2011/05/11 11:46:31 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/11 11:46:31 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/11 11:46:29 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/11 11:46:29 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/10 23:33:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9127690D-2D56-4216-B7BC-274131EB2DF7}
[2011/05/10 08:28:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C03FE8D1-C0DF-40A3-ADCC-C65B7ED3239C}
[2011/05/09 12:24:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B8605DD3-6EF9-443D-9354-8CAF1ED3425D}
[2011/05/08 23:15:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8C9D886B-6219-493F-8F64-FE2279ABBB73}
[2009/12/12 00:49:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Daniel\AppData\Roaming\pcouffin.sys
[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/06/07 10:11:46 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/07 10:09:36 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 10:09:29 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/07 10:09:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/07 10:09:09 | 1610,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 10:08:25 | 000,055,828 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
[2011/06/07 10:08:25 | 000,055,828 | ---- | M] () -- C:\Windows\System32\BMXState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
[2011/06/07 10:08:25 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
[2011/06/07 09:28:23 | 000,075,264 | ---- | M] () -- C:\Users\Daniel\Desktop\SystemLook.exe
[2011/06/07 09:20:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/07 08:15:48 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 08:15:48 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 14:21:05 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 2011.lnk
[2011/06/06 14:17:09 | 099,991,640 | ---- | M] () -- C:\Users\Daniel\Documents\CyberLink.v1730_36089_Spr_PTD110506-02.exe
[2011/06/06 09:31:37 | 000,001,793 | ---- | M] () -- C:\Users\Daniel\Desktop\AD-R.lnk
[2011/06/06 09:22:37 | 000,343,020 | ---- | M] () -- C:\Users\Daniel\Desktop\ToolBarSD.exe
[2011/06/06 09:21:08 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/06 09:19:10 | 000,001,484 | ---- | M] () -- C:\Users\Daniel\Desktop\AD-R - Raccourci.lnk
[2011/06/05 18:16:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/06/05 17:47:52 | 000,000,850 | ---- | M] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2011/06/05 17:47:52 | 000,000,831 | ---- | M] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2011/06/05 17:30:57 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 17:29:02 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/05 17:21:27 | 000,000,417 | ---- | M] () -- C:\Users\Daniel\Desktop\scan (1).zip
[2011/06/05 17:19:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2011/06/05 11:56:31 | 000,001,995 | ---- | M] () -- C:\Users\Daniel\Desktop\HijackThis.lnk
[2011/05/31 23:20:18 | 084,506,924 | ---- | M] () -- C:\UsbFix_Upload_Me_PC-DE-DANIEL.zip
[2011/05/31 23:03:19 | 000,001,516 | ---- | M] () -- C:\Users\Daniel\Desktop\UsbFix.exe - Raccourci.lnk
[2011/05/29 23:48:41 | 000,002,141 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/29 23:46:16 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/26 18:23:48 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/23 19:33:30 | 000,000,889 | ---- | M] () -- C:\Users\Daniel\.recently-used.xbel
[2011/05/22 09:12:09 | 000,000,176 | ---- | M] () -- C:\Users\Daniel\Desktop\Apprendre à faire des photos et à les retoucher 1point2vue.url
[2011/05/22 09:01:54 | 001,059,202 | ---- | M] () -- C:\Users\Daniel\Desktop\PremierPasEnPhoto.pdf
[2011/05/21 08:55:46 | 000,000,141 | ---- | M] () -- C:\Users\Daniel\Desktop\Gimp les tutoriaux the gimp.url
[2011/05/19 10:03:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/06/07 09:28:23 | 000,075,264 | ---- | C] () -- C:\Users\Daniel\Desktop\SystemLook.exe
[2011/06/06 14:21:05 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 2011.lnk
[2011/06/06 14:07:37 | 099,991,640 | ---- | C] () -- C:\Users\Daniel\Documents\CyberLink.v1730_36089_Spr_PTD110506-02.exe
[2011/06/06 09:31:37 | 000,001,793 | ---- | C] () -- C:\Users\Daniel\Desktop\AD-R.lnk
[2011/06/06 09:22:37 | 000,343,020 | ---- | C] () -- C:\Users\Daniel\Desktop\ToolBarSD.exe
[2011/06/06 09:19:10 | 000,001,484 | ---- | C] () -- C:\Users\Daniel\Desktop\AD-R - Raccourci.lnk
[2011/06/05 18:16:35 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/06/05 17:47:52 | 000,000,850 | ---- | C] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2011/06/05 17:47:52 | 000,000,831 | ---- | C] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2011/06/05 17:20:59 | 000,000,417 | ---- | C] () -- C:\Users\Daniel\Desktop\scan (1).zip
[2011/06/05 11:56:31 | 000,001,995 | ---- | C] () -- C:\Users\Daniel\Desktop\HijackThis.lnk
[2011/05/31 23:20:09 | 084,506,924 | ---- | C] () -- C:\UsbFix_Upload_Me_PC-DE-DANIEL.zip
[2011/05/31 23:03:19 | 000,001,516 | ---- | C] () -- C:\Users\Daniel\Desktop\UsbFix.exe - Raccourci.lnk
[2011/05/29 23:48:41 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/29 23:48:41 | 000,002,141 | ---- | C] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/29 23:46:16 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/26 18:23:48 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/23 19:33:30 | 000,000,889 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel
[2011/05/22 09:12:09 | 000,000,176 | ---- | C] () -- C:\Users\Daniel\Desktop\Apprendre à faire des photos et à les retoucher 1point2vue.url
[2011/05/22 09:01:54 | 001,059,202 | ---- | C] () -- C:\Users\Daniel\Desktop\PremierPasEnPhoto.pdf
[2011/05/21 08:55:46 | 000,000,141 | ---- | C] () -- C:\Users\Daniel\Desktop\Gimp les tutoriaux the gimp.url
[2011/03/25 12:42:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/02/01 18:54:08 | 000,000,077 | ---- | C] () -- C:\Windows\MovieHunter.INI
[2010/11/24 09:49:05 | 000,005,037 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/11/24 00:33:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2010/08/15 14:56:38 | 000,131,072 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll
[2010/07/09 18:19:18 | 000,001,057 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\vso_ts_preview.xml
[2010/06/16 15:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/04/26 09:01:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/14 10:56:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/20 13:08:46 | 000,000,775 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\WtvWatcher.settings
[2009/12/13 20:18:36 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/12 11:56:47 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/12/12 00:49:48 | 000,087,608 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\inst.exe
[2009/12/12 00:49:48 | 000,007,887 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\pcouffin.cat
[2009/12/12 00:49:48 | 000,001,144 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\pcouffin.inf
[2009/12/06 21:36:25 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2009/12/06 10:06:03 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009/12/06 10:05:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009/12/06 10:05:11 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/12/06 10:05:11 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/06 14:24:38 | 000,000,594 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\QuickZip45.ini
[2009/11/02 11:21:38 | 000,023,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/01 21:00:54 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/01 20:21:00 | 000,021,680 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/01 19:59:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/01 19:59:12 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/11/01 19:59:12 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/11/01 10:45:34 | 000,037,888 | ---- | C] () -- C:\Windows\System32\setupnt.dll
[2009/10/21 09:57:46 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/14 11:31:24 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2009/08/20 16:13:49 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009/08/03 17:22:40 | 000,031,007 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\UserTile.png
[2009/08/01 18:23:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/27 17:53:40 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/07/14 10:39:49 | 000,839,024 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/07/14 10:39:49 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/07/14 10:39:49 | 000,184,290 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/07/14 10:39:49 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,311,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,745,906 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,156,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/06/04 00:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/12/30 10:07:22 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2008/12/21 18:00:26 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/12/19 00:24:10 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIFRN.DLL
[2008/02/01 08:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2007/09/20 12:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 12:33:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/20 12:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 12:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 12:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 12:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 12:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 12:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 12:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 12:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 12:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 12:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 12:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 12:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 12:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 12:33:52 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/09/20 12:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 12:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 12:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2002/03/17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 845 bytes -> C:\Users\Daniel\Documents\Amazon_fr_ votre commande.eml:OECustomProperty
@Alternate Data Stream - 24 bytes -> C:\Windows:FDB1FA436426B802
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3440EB47
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C7D0F96D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C1374ACE

< End of report >
dan49
 
Posts: 31
Joined: 26 Apr 2010, 13:33

Re: Advertising pages open unexpectedly

Post by dan49 » 08 Jun 2011, 06:53

Hello NickW,
Since sending my last reports I have not recorded a single unexpected opening of an advertising page, so the problem seems to be solved.
Thank you for all your efforts to get me out of this attack.
I await your reply confirming that everything is OK.
Daniel.
dan49
 
Posts: 31
Joined: 26 Apr 2010, 13:33

Re: Advertising pages open unexpectedly

Post by nickW » 08 Jun 2011, 23:15

Good evening,

Thank you for all your efforts to get me out of this attack.

Sorry, but there was no attack: it is you who agreed to receive all these ads!

Always download software from its creator's site (that is, for example, the only way to be sure of having the latest version).

Never install the toolbars offered during the installation of software (free or not).
They are often major vectors of advertising.

Always read the terms of use carefully.




If the PC no longer shows symptoms of infection, here are a few additional tips (securing & optimizing) to apply:


An important tip:
A new system restore point must be created.
After cleaning the PC, create a new restore point that can be used in case of problems.
See this tutorial - paragraph "Créer un point de restauration" (Create a restore point). Thanks to libellules.ch


An important tip:
The avast! antivirus must be updated.


An important tip:
Oracle's Java
Install the latest version of Oracle's Java.

Current version: Java SE Runtime Environment (JRE) 6 Update 26 - JRE 6 Update 26

Open the page: http://www.oracle.com/technetwork/java/ ... index.html
Note: Javascript must be enabled.

In the "Java Platform, Standard Edition" paragraph, click Download JRE.

On the next page, tick the radio button in front of "Accept License Agreement" and choose the Windows x86 Offline download

Download the file jre-6u26-windows-i586.exe, 15.85 MB

Close all browsers (Internet Explorer, Firefox, etc.), then double-click jre-6u25-windows-i586.exe to start the installation.

After installing the new version, it is imperative to uninstall all obsolete versions, whose flaws are used by the "malicious".
To do so:
Via Add/Remove Programs, uninstall:
Java(TM) 6 Update 24
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 22


An important tip:
Firefox must be secured:

Some extensions seem almost indispensable to me:
Adblock Plus https://addons.mozilla.org/fr/firefox/addon/1865/
CookieSafe (or similar) https://addons.mozilla.org/fr/firefox/addon/2497/
Dr.Web anti-virus link checker https://addons.mozilla.org/fr/firefox/addon/938/
Flashblock https://addons.mozilla.org/fr/firefox/addon/433/
NoScript https://addons.mozilla.org/fr/firefox/addon/722/
RefControl https://addons.mozilla.org/fr/firefox/addon/953/
ShowIP https://addons.mozilla.org/fr/firefox/addon/590/
WOT https://addons.mozilla.org/fr/firefox/addon/3456/
IsAdmin https://addons.mozilla.org/fr/firefox/addon/4259/

Check that the Firefox plugins are up to date:
http://www.mozilla.com/en-US/plugincheck/


A tip:
Erunt lets you back up the Registry.
It is worth using it before installing a new program (in case of problems, it will let you roll back).


A tip:
The free version of MBAM (Malwarebytes' Anti-Malware) remains usable for on-demand scans.
You can therefore choose to leave it installed and use it from time to time (for "cleaning"), doing a manual update before requesting the scan.


A tip:
Think about updates.
Adobe Reader X (10.0.1)
http://get.adobe.com/fr/reader/

OpenOffice.org 3.3.0
http://fr.openoffice.org/

VLC media player 1.1.10
http://www.fr.videolan.org/

PC Wizard 2010.1.961
http://www.cpuid.com/softwares/pc-wizard.html


A tip:
Via Windows Explorer, you can delete the folders (they are all empty):

C:\Users\Daniel\AppData\Local\{6349B85D-302B-40D1-BEC8-E65872996241}
C:\Users\Daniel\AppData\Local\{581E38CD-2485-4EDE-ADC7-FA519EA4A469}
C:\Users\Daniel\AppData\Local\{74C8AD08-6F92-4920-A816-1F1FC2039D16}
C:\Users\Daniel\AppData\Local\{58FC68BA-D3EF-48E9-BB41-D4EF7BB4F225}
C:\Users\Daniel\AppData\Local\{A283AD34-BA4B-4DEE-A15B-A3E5E96EE38B}
C:\Users\Daniel\AppData\Local\{7336B61A-5B2F-4D33-B327-9F84C499A794}
C:\Users\Daniel\AppData\Local\{15F1D13F-2453-4CD1-BFCD-D18EA7FAE696}
C:\Users\Daniel\AppData\Local\{1A4796EA-EBF3-4685-8986-42B6610B9637}
C:\Users\Daniel\AppData\Local\{1F5A0C1D-1B0A-4E87-910F-DF61CF73FA01}
C:\Users\Daniel\AppData\Local\{FC7B4718-1C91-4E69-B1C3-1ED30F54CCB9}
C:\Users\Daniel\AppData\Local\{77320DD5-C1D8-4A24-9081-379A5488BDCF}
C:\Users\Daniel\AppData\Local\{C94656F4-2BE5-4BEB-BCDB-71D20BFA0AAA}
C:\Users\Daniel\AppData\Local\{09758500-1551-4D25-A2A3-8A709612B48B}
C:\Users\Daniel\AppData\Local\{F72EBE46-8CD7-4827-9F38-B898E9DCB270}
C:\Users\Daniel\AppData\Local\{36569CB9-E184-4351-86C4-5DABAFBE18ED}
C:\Users\Daniel\AppData\Local\{8F5475A4-4F9B-4DBA-AE66-1DAA36889048}
C:\Users\Daniel\AppData\Local\{474AEB6F-61B7-4FD5-A433-39E25DEFC626}
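An added example (not from the post) of the same cleanup done in PowerShell: it looks for GUID-named folders under the current user's %LOCALAPPDATA% and removes only those that are actually empty, so a folder that still holds files is reported rather than deleted.

```powershell
# Added example, not part of the forum post: enumerate GUID-named folders
# under the current user's AppData\Local and remove only the empty ones.
# -LiteralPath is used throughout because '{' and '}' are wildcard
# characters for -Path and would otherwise make these names fail to match.

$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory |
    Where-Object { $_.Name -match $guidPattern } |
    ForEach-Object {
        # -Force also counts hidden/system items, so a folder holding only
        # hidden content is not mistaken for an empty one.
        $firstItem = Get-ChildItem -LiteralPath $_.FullName -Force -Recurse -ErrorAction SilentlyContinue |
                     Select-Object -First 1
        if ($null -ne $firstItem) {
            Write-Host "Kept (not empty): $($_.FullName)"
        } else {
            Write-Host "Removing empty folder: $($_.FullName)"
            # -WhatIf only previews the deletion; drop it once the list looks right.
            Remove-Item -LiteralPath $_.FullName -WhatIf
        }
    }
```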


A tip:
It is best to remove OTL (the downloaded file OTL.exe and the result files OTL.Txt and Extras.Txt on the Desktop, plus, if they exist, the working files fix.txt and scan.txt).
Note: if it exists, the folder SystemDrive\_OTL contains backups. Once you have checked that all the software on the PC works correctly, that folder can be deleted.
It is best to remove Ad-Remover (run the program and click the Uninstall button, then delete the downloaded file AD-R.exe and the AD-R shortcut on the Desktop).
It is best to remove SystemLook (the downloaded file SystemLook.exe and the result file SystemLook.txt on the Desktop).
It is best to remove Toolbar S&D via Start---->Programs---->Toolbar S&D---->Uninstall Toolbar S&D
Empty the quarantines of the antivirus and the anti-spyware.


Voilì, voilò, voilà.

Cheers,

PS:
If you consider this topic closed, could you put [OK] in front of the title of the first message? See HERE.
Thanks.
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Re: [OK] Advertising pages open unexpectedly

Post by dan49 » 10 June 2011, 10:09

Hello NickW,
I have just updated the various programs and deleted what you asked me to. My computer is all clean and I will try to keep it that way.

Thanks again, and a small question: is there any specific training for analysing logs and using the tools?

All the best to you, and since the holidays are not far off (for those who work), I wish you a good holiday.

Daniel;
dan49

Posts: 31
Joined: 26 Apr 2010, 13:33

Re: [OK] Advertising pages open unexpectedly

Post by nickW » 11 June 2011, 15:56

Hello,

A bit of reading:

To understand the lines of a HijackThis scan report (OTL reuses the same line classification and adds new ones):
HijackThis tutorial & guide

To see what can launch at startup:
A collection of automatic startup locations

As for training (to become an assistant, alias helper in English), it is a long-term undertaking, and there are French and American sites for it.

Cheers,
nickW
